Security firm Lookout is sounding alarm of a growing trend in Android malware, while market research company Retrevo notes that Android users are the least prepared and informed about malicious mobile software. Both note that Apple's stringent control over iOS has resulted in a far safer mobile platform for users.

Lookout collects information from ten million devices globally via integration with more than 700,000 apps. The firm reports an 85 percent increase in the number of mobile malware detections among its monitored users, noting that Android users are 2.5 times as likely to encounter malware than just six months ago.

In the first half of the year, Lookout reports that unique Android apps tainted with malware had grown from 80 to more than 400 titles by June. Even so, Lookout noted that "while [Android] malware has increased at a faster rate then spyware, Android users are still slightly more likely to encounter spyware than malware."

In contrast, there are no known iOS malware or spyware apps in the App Store. As Lookout states, "currently, malware and spyware have primarily targeted Android devices, though there are commercial spyware applications available for jailbroken iOS devices."

The open nature of Android's official Google Market, Amazon's Appstore, and other alternative download sites has enabled malicious users to easily add malware to existing legitimate apps and then repost them for sale or free distribution. One example of this, known as DroidDream, has been added to at least 80 different Android titles, using a process illustrated by Lookout (below).

Lookout also drew attention to a new risk for Android Market users it refers to as an "update attack." The firm notes that "recently, malware writers have begun using application updates as an attack method in the Android Market. A malware writer first releases a legitimate application containing no malware. Once they have a large enough user base, the malware writer updates the application with a malicious version."

Malvertizing also unique to Android

Another vector for malware distribution on Android devices is tainted web links, where users are directed to click on links (sometimes through legitimate looking mobile ads) that open up a web page and cause tainted software to automatically be downloaded to the device.

Lookout warns the this new threat, referred to as "malvertizing," has successfully ensnared about three out of ten users and that the practice is growing.

The design of iOS prevents software from being directly downloaded off the web, although web based exploits can be used to attack Apple's devices. "Thankfully," Lookout notes, "we havent seen evidence of these exploits being used maliciously; they were primarily used to allow users to jailbreak their devices."

Both iOS and Android users can fall prey to phishing scams, which don't necessarily involve any breech of security or installation of malware. Instead, users are simply tricked into supplying their login credentials, credit card information, or other data through a social engineering scam.

Mobile security through software patches

Protection from the potential security threats of exploitable software is delivered through firmware and OS updates. Lookout notes that among Android devices, "it is up to device manufacturers to produce a device-specific firmware update incorporating the vulnerability fix, which can take a significant amount of time if there are proprietary modifications to the devices software."

Android licensees often take between three to six months to deliver the latest updates to their users. Apple provides updates that users can install the same day they are made available, as there are no middleman hardware makers or carriers to hold up the rollout of such software. Still, many users fail to update their iOS devices, Lookout notes.

"Many users simply plug their iOS devices into an outlet to charge them and rarely sync. According to one report, as many as 50 percent of iPhone users do not regularly sync with iTunes and thus are unlikely to receive critical security updates," Lookout states.

The firm adds that "Apple has announced that its upcoming iOS 5 will support firmware updates downloaded over the air and will not require syncing with a computer to apply them."

Mobile security from physical threats

An additional risk noted by Lookout involves physical threats, where a user's phone is lost or stolen and sensitive information can be recovered. In this respect, users can protect themselves using password protection or other precautions to protect their data.

A report by Retrevo notes that out of a 1,000 users, 61-62 percent of iPhone and BlackBerry users were using password protection, while only 49 percent of Android users were. Conversely, only 29 percent of iPhone users said they having done anything to prevent others from misusing data on their phone, while 39 percent of Androids users said they weren't doing anything.

The firm reported similar numbers on the awareness of viruses and malware, stating, "Apple iPhones are much less susceptible to malware partly because more stringent oversight from Apple keeps iPhone owners out of harms way. The open sourced-based Android phones are much more susceptible to malware however it appears that fewer Android owners are aware of this."

While 36 percent of iPhone owners reported thinking that their phone could be infected by malware, only 32 percent of Android users were aware of any risk, despite the sharply growing threat among Android phones and the far greater likelihood of infection due to the permissiveness of Google's software platform design.

In terms of recovering a lost phone, only 26 percent of iPhone users said they didn't know how to use a recovery service (such as Apple's Find My iPhone), while 39 percent of Android users didn't know about recovery options. Conversely, 37 percent of iPhone users said they would use a recovery service, while only 18 percent of Android users said they would.

iOS is only more secure since it has lower market share than Android. Once iOS market share increases closer to that of Android, it will see far more virii and malware since it is not more inherently secure on the os level...

iOS is only more secure since it has lower market share than Android. Once iOS market share increases closer to that of Android, it will see far more virii and malware since it is not more inherently secure on the os level...

iOS is only more secure since it has lower market share than Android. Once iOS market share increases closer to that of Android, it will see far more virii and malware since it is not more inherently secure on the os level...

Android fanboys will defend their platform simply by stating that the affected users were just too stupid to use a smartphone, and if they can't root their phone, or manage memory/battery resources, then they have no business using one.

Even certain (unnamed) android enthusiasts sites are entertaining the thought of having Google instantiate a sort of walled-garden approach like Apple. Hell is freezing over, and hypocrisy is all over the place.

As far as I'm concerned, iOS' App Store is still the best and most solid way to go. I don't want to have to think twice about whether or not I "trust" a certain app. Apple did it for me, and I have better things to do with my life than to start second guessing things I put on my iPhone. I'm beyond that now.

The dedication that fandroids have towards this broken security model will be their undoing. They're scared to death to admit that maybe, just maybe, Apple got this part right.

iOS is only more secure since it has lower market share than Android. Once iOS market share increases closer to that of Android, it will see far more virii and malware since it is not more inherently secure on the os level...

Couldn't somebody technically use the PDF exploit to brick anybody's iPhone that visits a malicious website that has 4.3.3 or earlier installed? Fortunately nobody has used it for malicious purposes, but I have wondered about that.

iOS is only more secure since it has lower market share than Android. Once iOS market share increases closer to that of Android, it will see far more virii and malware since it is not more inherently secure on the os level...

I picked up on it and thought if funny. Instead if the sarcasm tag you could try using punctuation that indicates sarcasm, like the upside-down exclamation point (¡).

Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"

Couldn't somebody technically use the PDF exploit to brick anybody's iPhone that visits a malicious website that has 4.3.3 or earlier installed? Fortunately nobody has used it for malicious purposes, but I have wondered about that.

They could. The JailbreakMe solution is very clever which makes it very complex. Whomever made it has some serious skills.

Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"

iOS is only more secure since it has lower market share than Android. Once iOS market share increases closer to that of Android, it will see far more virii and malware since it is not more inherently secure on the os level...

serious?

What ever, I've zero sympathy for droid heads.

From Apple ][ - to new Mac Pro I've owned them all.Long on AAPL so biased"Google doesn't sell you anything, Google just sells you!"

Really the virus thing is a joke. Just like windows the average user does not have to worry about viruses. I have only gotten one virus, let me tell you that is with getting two emails from my university telling me I am using to much download bandwidth, one threat from time Warner. To put things into perspective I download alot. Only virus I ever got was on my old blackberry. Never had any issues with windows seven and kepresky (free with my motherboard) or my current Android phone and not with the tablet in my hand. Of course ifvyou adopted a market based system to deliver Apps you run the risk of having some ass-hat making a malicious software. Good thing is google is quick to react and remove the Apps when they are reported and removing them.

iOS is only more secure since it has lower market share than Android. Once iOS market share increases closer to that of Android, it will see far more virii and malware since it is not more inherently secure on the os level...

Really the virus thing is a joke. Just like windows the average user does not have to worry about viruses. I have only gotten one virus, let me tell you that is with getting two emails from my university telling me I am using to much download bandwidth, one threat from time Warner. To put things into perspective I download alot. Only virus I ever got was on my old blackberry. Never had any issues with windows seven and kepresky (free with my motherboard) or my current Android phone and not with the tablet in my hand. Of course ifvyou adopted a market based system to deliver Apps you run the risk of having some ass-hat making a malicious software. Good thing is google is quick to react and remove the Apps when they are reported and removing them.

Yup it's a joke that everyone that uses a PC has to use antivirus. Good thing Google is still allowing the Android Marketplace to be rampantly uncontrolled but quick to react... Once people report apps.

Yup it's a joke that everyone that uses a PC has to use antivirus. Good thing Google is still allowing the Android Marketplace to be rampantly uncontrolled but quick to react... Once people report apps.

Agree with the 2nd point, the first however depends on what type of AV software. Are we talking 3rd party like Norton, AVG, Malwarebytes? Because even then while the overwhelming amount of windows users DO use AV software, taken literally your statement would be false.

Quote:

Originally Posted by J.R.

Prevention (so that these apps never make it to the market) would be infinitely better.

Really the virus thing is a joke. Just like windows the average user does not have to worry about viruses. I have only gotten one virus, let me tell you that is with getting two emails from my university telling me I am using to much download bandwidth, one threat from time Warner. To put things into perspective I download alot. Only virus I ever got was on my old blackberry. Never had any issues with windows seven and kepresky (free with my motherboard) or my current Android phone and not with the tablet in my hand. Of course ifvyou adopted a market based system to deliver Apps you run the risk of having some ass-hat making a malicious software. Good thing is google is quick to react and remove the Apps when they are reported and removing them.

I think that the problem with the Android Market is that it's way too easy to install something suspicious if you don't know what you are doing. That's why I downloaded a virus protection program on my Android. I haven't found anything yet, but I'd rather be one step ahead of the game, and if I do loose my phone I can find it. the IOS on the other hand restricts things all over the place and gets quality software in their market. IMHO I think the best solution would be to have a closed Android Market that is only closed in the sense "we make sure your app isn't malicious and works as intended and we'll let you lin". If they do that it might solve lots of issues.

I think good things are coming constantly from Apple, so there should be no need to publish such rubbish as this "article" in order to make people here feel good. Even if there was a grain of truth in the FUD above, those who should care about it are likely not on AppleInsider... Do you think Android users give a sh8t about this "epidemic"? Probably just as little as any iOS user about the recurrent browser exploits...

... That's why I downloaded a virus protection program on my Android...

Having to load anti-virus on a phone. How sad is that. Yet the phandroid community finds this acceptable.

Welcome to Android people. The mobile version of Windows XP!!! No wonder they will need quad-core and higher CPU's to handle all the bloatware that will have to be running just to keep the handset from being compromised!!

Any unbiased comparison of iOS, Android and malware would have to conclude that Android users have more to be concerned about than Apple users. No doubt about that at all. It doesn't mean iOS is immune, but Apple's closed loop certainly keeps any malware dangers to a minimum.

At the same time, is the danger of malware infection really that high if users stay to the official Android Market? Personally I don't think so. There's been billions of app downloads from Google's Android Market, yet just a comparatively tiny number of users affected by malware infecting any of those applications. At least so far. . .